What Boards Must Demand in the Age of AI-Automated Exploitation
“You knew, and you could have acted. Why didn’t you?” This is the question you do not want to be...
Hacking
Category Added in a WPeMatico Campaign
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that...
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Ravie LakshmananMar 11, 2026DevSecOps / AI Security A threat actor known as UNC6426 leveraged keys stolen following the supply chain...
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the...
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Ravie LakshmananMar 10, 2026Network Security / Vulnerability Cybersecurity researchers are calling attention to a new campaign where threat actors are...
How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
The Hacker NewsMar 10, 2026Artificial Intelligence / Threat Detection Artificial Intelligence (AI) is no longer just a tool we talk...
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when...
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
Ravie LakshmananMar 10, 2026Cyber Espionage / Threat Intelligence The Russian state-sponsored hacking group tracked as APT28 has been observed using...
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Ravie LakshmananMar 10, 2026Cloud Security / API Security Salesforce has warned of an increase in threat actor activity that's aimed...
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
Ravie LakshmananMar 10, 2026Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security...
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan...
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Ravie LakshmananMar 09, 2026DevOps / Threat Intelligence The North Korean threat actor known as UNC4899 is suspected to be behind...
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
Ravie LakshmananMar 09, 2026Cybersecurity / Hacking Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers...
Can the Security Platform Finally Deliver for the Mid-Market?
The Hacker NewsMar 09, 2026Endpoint Security / Security Operations Mid-market organizations are constantly striving to achieve security levels on a...
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a...
